Bug 360 - Master and Slave node password visible in running replication process
Status: RESOLVED FIXED
Alias: None
Product: Slony-I
Classification: Unclassified
Component: slon
Version: devel
Hardware: All Linux
Importance: low critical
Assignee: Slony Bugs List
Reported: 2015-10-04 23:59 UTC by zaidshabbir
Modified: 2015-10-05 08:39 UTC

Attachments
password visible in running slony processes (62.63 KB, image/png)
2015-10-04 23:59 UTC, zaidshabbir

Description zaidshabbir 2015-10-04 23:59:56 UTC
Created attachment 213
password visible in running slony processes

Tested on Linux
Tested with Replication 2.2.4

1. Initialize master and slave node.
2. Launch slony replication process.
3. Now grep the running replication process.
    ps -ef | grep replication
4. ps returns the running processes with the passwords of the slave & master nodes.
Comment 1 Christopher Browne 2015-10-05 08:39:39 UTC
It has long been recommended to use .pgpass so that passwords are not captured in configuration in places like this.

http://slony.info/documentation/2.2/security.html

If you put passwords into conninfo strings, then it is well-known that it is likely to be visible to Unix users.
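
As an added illustration of the .pgpass recommendation in Comment 1 (not code from Slony-I or from either participant in this bug): a Python helper that flags a command line carrying `password=` and splits a libpq conninfo string into a password-free conninfo plus the matching `.pgpass` line. The function names, the sample values, and the defaults used for missing keywords are assumptions.

```python
import os
import re

# libpq conninfo syntax: keyword=value pairs, values optionally single-quoted,
# with backslash escapes inside either form.
_PAIR = re.compile(r"(\w+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|((?:\\.|\S)*))")

def parse_conninfo(text):
    """Return the keyword/value pairs found in a conninfo string or ps line."""
    return {key: re.sub(r"\\(.)", r"\1", quoted or bare)
            for key, quoted, bare in _PAIR.findall(text)}

def exposes_password(cmdline):
    """True if a process command line carries a password= keyword."""
    return "password" in parse_conninfo(cmdline)

def _quote(value):
    # Quote only when the value is empty or contains space, quote or backslash.
    if value and not re.search(r"[\s'\\]", value):
        return value
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def _pgpass_escape(field):
    # .pgpass fields escape backslash and colon with a backslash.
    return field.replace("\\", "\\\\").replace(":", "\\:")

def split_secret(conninfo):
    """Return (conninfo without password, matching .pgpass line or None)."""
    params = parse_conninfo(conninfo)
    password = params.pop("password", None)
    if password is None:
        return conninfo, None
    # Assumed defaults for missing keywords: localhost, 5432, wildcards.
    fields = [params.get("host", "localhost"), params.get("port", "5432"),
              params.get("dbname", "*"), params.get("user", "*"), password]
    clean = " ".join(f"{k}={_quote(v)}" for k, v in params.items())
    return clean, ":".join(_pgpass_escape(f) for f in fields)

def append_pgpass(path, line):
    """Append a line and force mode 0600; libpq ignores laxer modes."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        os.fchmod(fh.fileno(), 0o600)
        fh.write(line + "\n")

# Constructed sample: a slon command line as ps -ef would print it.
SAMPLE = "slon replication dbname=appdb host=db1.example.net user=slony password=s3:cret"
```

Run `exposes_password` over the command lines of the slon processes to confirm the cleaned conninfo is what they are actually started with.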